Malware Analysis Report

2024-10-16 06:35

Sample ID 240609-t8glssdc27
Target en
SHA256 9f627800d9a7b119e351ac85f2e88eb01762841319b2fc60d235cc8497662c6a
score
1/10


Analysis Overview

score
1/10

SHA256

9f627800d9a7b119e351ac85f2e88eb01762841319b2fc60d235cc8497662c6a

Threat Level: No (potentially) malicious behavior was detected for the file en.

Malicious Activity Summary

Checks CPU information
Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-09 16:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 16:43

Reported

2024-06-09 17:54

Platform

android-x86-arm-20240603-en

Max time kernel

374s

Max time network

1828s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination           Domain                   Proto
N/A      224.0.0.251:5353                               udp
US       1.1.1.1:53            update.googleapis.com    udp
GB       142.250.187.195:443   update.googleapis.com    tcp
GB       142.250.200.46:443                             tcp
US       1.1.1.1:53            android.apis.google.com  udp
GB       142.250.200.46:443    android.apis.google.com  tcp
GB       172.217.169.74:443                             tcp
GB       172.217.169.74:443                             tcp
GB       142.250.187.227:80                             tcp
GB       142.250.179.228:443                            tcp
GB       172.217.16.226:443                             tcp
GB       142.250.180.3:443                              tcp
GB       172.217.169.46:443                             tcp
GB       142.250.180.3:443                              tcp
GB       172.217.169.46:443                             tcp
GB       142.250.180.3:443                              tcp
GB       142.250.180.3:443                              tcp
US       1.1.1.1:53            update.googleapis.com    udp
GB       142.250.179.227:443   update.googleapis.com    tcp
US       1.1.1.1:53            android.apis.google.com  udp
GB       142.250.200.46:443    android.apis.google.com  tcp
BE       74.125.133.188:5228                            tcp
US       1.1.1.1:53            www.google.com           udp
GB       142.250.187.228:443   www.google.com           tcp
US       1.1.1.1:53            android.apis.google.com  udp
GB       172.217.16.238:443    android.apis.google.com  tcp
GB       142.250.200.14:443                             tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-09 16:43

Reported

2024-06-09 17:23

Platform

debian9-armhf-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-09 16:43

Reported

2024-06-09 17:23

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-09 16:43

Reported

2024-06-09 17:53

Platform

macos-20240410-en

Max time kernel

1640s

Max time network

1643s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/en.html"]

Signatures

N/A

Processes

Process                                                                  Command line
/bin/sh                                                                  [sh -c sudo /bin/zsh -c "/Users/run/en.html"]
/bin/bash                                                                [sh -c sudo /bin/zsh -c "/Users/run/en.html"]
/usr/bin/sudo                                                            [sudo /bin/zsh -c /Users/run/en.html]
/bin/zsh                                                                 [/bin/zsh -c /Users/run/en.html]
/Users/run/en.html                                                       [/Users/run/en.html]
/bin/sh                                                                  [sh /Users/run/en.html]
/bin/bash                                                                [sh /Users/run/en.html]
/usr/libexec/xpcproxy                                                    [xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService  [/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy                                                    [xpcproxy com.apple.spindump]
/usr/sbin/spindump                                                       [/usr/sbin/spindump]
/usr/libexec/xpcproxy                                                    [xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd                                                 [/usr/libexec/diagnosticd]
/usr/libexec/xpcproxy                                                    [xpcproxy com.apple.newsyslog]
/usr/sbin/newsyslog                                                      [/usr/sbin/newsyslog]

Network

Country  Destination          Domain                                    Proto
DE       20.52.64.201:443                                               tcp
DE       51.116.246.105:443                                             tcp
US       8.8.8.8:53           apis.apple.map.fastly.net                 udp
GB       17.250.81.67:443                                               tcp
US       8.8.8.8:53           cds.apple.com                             udp
BE       104.68.86.71:443     cds.apple.com                             tcp
US       8.8.8.8:53           help.apple.com                            udp
GB       2.21.189.171:443     help.apple.com                            tcp
GB       2.21.189.171:443     help.apple.com                            tcp
N/A      224.0.0.251:5353                                               udp
IE       17.57.146.88:5223                                              tcp
US       8.8.8.8:53           40-courier.push.apple.com                 udp
GB       17.57.146.154:5223   40-courier.push.apple.com                 tcp
US       8.8.8.8:53           lb._dns-sd._udp.0.0.127.10.in-addr.arpa   udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-09 16:43

Reported

2024-06-09 17:23

Platform

debian12-armhf-20240221-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-09 16:43

Reported

2024-06-09 17:23

Platform

debian12-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-09 16:43

Reported

2024-06-09 17:23

Platform

debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-09 16:43

Reported

2024-06-09 17:23

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Command Line

[/tmp/en.html]

Signatures

N/A

Processes

/tmp/en.html

[/tmp/en.html]

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-09 16:43

Reported

2024-06-09 17:23

Platform

ubuntu2004-amd64-20240508-en

Max time kernel

0s

Max time network

0s

Command Line

[/tmp/en.html]

Signatures

N/A

Processes

/tmp/en.html

[/tmp/en.html]

Network

Country  Destination        Domain  Proto
N/A      224.0.0.251:5353           udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-09 16:43

Reported

2024-06-09 17:23

Platform

ubuntu2204-amd64-20240522.1-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-09 16:43

Reported

2024-06-09 17:23

Platform

ubuntu2404-amd64-20240523-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A